Enabling Hybrid Storage with Egnyte

Egnyte, a Google Cloud Platform Technology Partner and a 2016 Gartner Magic
Quadrant Leader for Enterprise File Synchronization and Sharing (EFSS), offers
Google customers the ability to easily create a hybrid SaaS file sync and share
infrastructure that harnesses the power and flexibility of GCP
services with the security and centralized IT administration of on-premises
content management.

With Egnyte Connect, customers who require that some content remain on-premises and
who must avoid a "cloud-only" model can easily use
Google Cloud Storage
in addition to their on-premises storage.

Egnyte delivers EFSS services that anticipate IT and business needs, so users
can easily, securely, and intelligently access and share files stored on
premises and in Cloud Storage. Egnyte provides unparalleled flexibility, unified
visibility, and centralized control over data to facilitate collaboration and to
optimize legacy and future infrastructure investments. Egnyte Connect also works
with G Suite.

Integrating GCP with Egnyte Connect

Enterprise organizations often need to collaborate on very large files, such as
videos, construction blueprints, or medical imagery. Storing
these file types in the cloud might result in undesirable latency using a pure
cloud storage approach, and potentially business disruption if
Internet connectivity is lost. The problem is compounded for geographically dispersed
organizations, where some locations might have an unreliable or narrow pipe
to the cloud.

Egnyte's hybrid deployment model offers the option to deploy an on-premises
storage device located at each of the user facilities which is connected through
Egnyte's Storage Sync product to the cloud. Content stored in a public cloud
is synchronized through Egnyte to this on-premises storage. As a
result, access to content is real-time and reliable. Users
based in different locations can collaborate on their content while maintaining
version control and having access to the most recent content.

Large, unwieldy files are not the only concern of companies with hybrid model
enterprise file sync and share needs. Additional considerations include
regulatory or compliance requirements, or business continuity requirements that
ensure the organization can function if internet connectivity is
disrupted.

Companies that are interested in a hybrid model want:

The cloud as a file server for a portion of their corporate data

Collaboration on sensitive files with strong IT control and administration

On-premises storage seamlessly synchronizing with cloud storage

A single location to view, manage, and access on-premises and cloud data

Visualizing the architecture

The following diagram illustrates a hybrid storage solution using Cloud Storage
and Egnyte Connect.

Estimating costs

There is no additional charge for customers to download the app that integrates
Egnyte Connect to a new or existing Cloud Storage account, but you must have
paid subscriptions to both Egnyte Connect and Cloud Storage before you start
your integration.

Egnyte is typically priced as a SaaS solution, with monthly per user
subscriptions starting at $8. For more information on Egnyte Connect pricing,
visit the Egnyte website.

Deploying the architecture

This section walks you through getting a trial Egnyte account and setting it up,
creating a new storage bucket and service account in Cloud Storage, and
integrating the two products. Cloud Storage administrators can get
started by creating a Egnyte Connect trial account for use with Cloud Storage.
Existing Egnyte customers who are interested in using Cloud Storage should
contact Egnyte customer support to proceed.

Setting up a Cloud Storage bucket and service account

Create a new storage bucket and service account in Cloud Storage to be
used with Egnyte. Click Create Bucket
in the Storage section of the Google Cloud Platform Console.

Choose the storage class and location that suit your needs, and then click
Create in the lower left of the pane to proceed.

After you've added a new storage bucket, navigate to the IAM & Admin section
of the Cloud Platform Console and create a new service account:

Then select Create Service Account:

Keep the following requirements in mind when you create the service account:

The service account must have the Storage Admin role. This can be configured
in the Role of the service account. Note that you may need to scroll down to
see Storage in the menu.

The key type for the service account must be JSON.

After you create the service account, the private key downloads automatically.

Make a note of the key location. You'll use it later.

Creating an Egnyte Connect trial account

Visit the Egnyte Free Trial page
to create an Egnyte Connect trial account. Be sure to activate your new
account using email before moving on.

Configuring Egnyte and Cloud Storage

Log into your Egnyte Connect account. The first time you log in, you are prompted to
configure your Google Storage settings. This is a mandatory step that
must be completed before you can begin using Egnyte Connect.

Enter the storage bucket and private key from Google Cloud Storage that
you created earlier.

You'll need to copy/paste the JSON from the private key into the Service
Account Private Key JSON field in Egnyte. Make sure the bucket name matches the
one configured in the Cloud Platform Console.

Click Save when you're ready to proceed. You will see a checkmark
next to the Saved button if your Cloud Storage settings have been
accepted:

You're ready to begin using Egnyte Connect. Check out the Egnyte
Getting Started guide for some useful resources to kickstart your trial.

Note: After you have configured your storage provider settings, you will
not be able to change them directly from Egnyte Connect's Web User Interface.
Contact Egnyte Support
if you need to change any of these details.

Reviewing security features

Egnyte takes a holistic view of account security and breaks it
down into four components: user, device, content, and network security.

User security

Egnyte ensures strict user and login enforcement, including SAML 2.0
Single Sign-On (SSO), Active Directory, and two-factor authentication.
Additional user security comes from subfolder permissions, minimum password
length and strength, password rotation, password history, account lockout, and
more to ensure that only users with the right credentials can access data.

Device security

The rapid increase in mobile usage has enabled significant productivity
gains, but it has also created potential security concerns. To address these
concerns, Egnyte Connect features a comprehensive set of tools specifically for
mobile users.

Egnyte delivers additional options including mandatory passcodes,
idle-timeout settings, and automatic file wipe after a set number of incorrect
passcode attempts. Administrators can also control whether files can be downloaded
for offline access, and if a device is stolen, the employee or administrator can
remotely wipe the offline files in the Egnyte application.

Additional security
features include local encryption and certificate-based device trust, so only
authorized devices are allowed to access files.

Device security components include:

Passcode use enforcement

256-bit AES on-device encryption

Remote-wipe for mobile & desktop clients

Trusted device

Offline file access controls

Automatic offline file expiry

Content security

Protecting files when they are at-rest sitting on a hard drive is as
important as when they are being accessed. Egnyte Connect addresses this by
using 256-bit AES encryption and storing the encryption key in a secure key
vault in a completely separate, decoupled database. In addition, multiple
domains can be used, each with unique encryption keys to further isolate and
protect content. And for greater security, Egnyte can be configured so that
files and metadata reside and can be accessed only on-premises and never touch
the cloud.

Content that is stored at-rest in Google Apps storage accounts is encrypted
using the same standards as other documents stored in Google Drive.

Content security components include:

Tier III SSAE 16 compliant data centers

Data center redundancy

Crypto-shredding of deleted files

Physical premises and rack security

Network redundancy

Available customer-managed encryption key solutions

Network security

Egnyte takes a multi-layered approach to network security. First, data is
encoded during transmission using 256-bit AES encryption. ICSA-certified
firewalls are deployed to police the traffic between the public
networks and Egnyte's data center servers. SSL encryption and a network
Intrusion Prevention System (IPS) to monitor and block hackers, worms, phishing,
and other infiltration methods are also incorporated.